/**
 * OWASP GoatDroid Project
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * GoatDroid project. For details, please see
 * https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
 *
 * Copyright (c) 2011 - The OWASP Foundation
 * 
 * GoatDroid is published by OWASP under the GPLv3 license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jack Mannino, nVisium Security (https://www.nvisiumsecurity.com)
 * @created 2011
 */
package org.owasp.goatdroid.fourgoats.webservice.login;

import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import org.owasp.goatdroid.fourgoats.webservice.Constants;
import org.owasp.goatdroid.fourgoats.webservice.Salts;
import org.owasp.goatdroid.fourgoats.webservice.base.BaseDAO;
import com.mysql.jdbc.Connection;
import com.mysql.jdbc.PreparedStatement;

public class LoginDAO extends BaseDAO {

	public LoginDAO() throws InstantiationException, IllegalAccessException,
			ClassNotFoundException, SQLException {
		Class.forName("com.mysql.jdbc.Driver").newInstance();
		conn = (Connection) DriverManager
				.getConnection(Constants.DB_CONNECTION_STRING);
	}

	public long getSessionStartTime(String sessionToken) throws SQLException {

		String sql = "select sessionStartTime from users where sessionToken = ?";
		PreparedStatement selectStartTime = (PreparedStatement) conn
				.prepareCall(sql);
		selectStartTime.setString(1, sessionToken);
		ResultSet rs = selectStartTime.executeQuery();
		rs.next();
		return rs.getLong("sessionStartTime");
	}

	public boolean validateCredentials(String userName, String password)
			throws SQLException {

		String sql = "select username from users where username = ? and password = ?";
		PreparedStatement selectUser = (PreparedStatement) conn
				.prepareCall(sql);
		selectUser.setString(1, userName);
		selectUser.setString(2, LoginUtils.generateSaltedSHA512Hash(password,
				Salts.PASSWORD_HASH_SALT));
		ResultSet rs = selectUser.executeQuery();
		if (rs.next()) {
			return true;
		} else {
			return false;
		}
	}

	public void updateSessionInformation(String userName, String sessionToken,
			long sessionStartTime) throws SQLException {

		String sql = "update users SET sessionToken = ?, sessionStartTime = ? where userName = ?";
		PreparedStatement updateStatement = (PreparedStatement) conn
				.prepareCall(sql);
		updateStatement.setString(1, sessionToken);
		updateStatement.setDouble(2, sessionStartTime);
		updateStatement.setString(3, userName);
		updateStatement.executeUpdate();
	}

	public HashMap<String, Boolean> getPreferences(String userName)
			throws SQLException {

		String sql = "select autoCheckin, isPublic from users where userName = ?";
		PreparedStatement selectStatement = (PreparedStatement) conn
				.prepareCall(sql);
		selectStatement.setString(1, userName);
		ResultSet rs = selectStatement.executeQuery();
		HashMap<String, Boolean> preferences = new HashMap<String, Boolean>();
		rs.next();
		preferences.put("autoCheckin", rs.getBoolean("autoCheckin"));
		preferences.put("isPublic", rs.getBoolean("isPublic"));
		return preferences;
	}

	public void terminateSession(String sessionToken) throws SQLException {

		String sql = "update users SET sessionToken = 0, sessionStartTime = 0 where sessionToken = ?";
		PreparedStatement updateStatement = (PreparedStatement) conn
				.prepareCall(sql);
		updateStatement.setString(1, sessionToken);
		updateStatement.executeUpdate();
	}
}
